Getting project name from system.perspective.login

We have our security configured to use an Identity Provider, and we have a custom module that contains a script that gets the roles from the SAML response. We call this script in the attribute mapping for "Roles" via the "RunScript" expression function. When this call is made, we pass the SAML response and the hostname as parameters. That function works.

What I am trying to do now is pass the project name as an additional parameter by calling our module script like this: runScript("system.idp.processIdpResponse(samlResponse, system.net.getHostName(),system.project.getProjectName())")

The issue I am running into is trying to use this with project inheritance, we have a "Master" project, and a inherited "Client" project. When I fire the command system.perspective.login() from the "Client" project, the system.project.getProjectName() returns back "Master" instead of "Client".

When system.perspective.login() occurs inside of the "Client" project, is there a way to determine which project that command came from? Is there a way to get that in the ClientHook of the module via the SDK?

That sounds like a bug you should report to support.

Hmm. Maybe not. I'm not sure the IdP is project-scope. Are you sure you aren't just getting the gateway scripting project?

(Have you seen the note in the nightly changes that the complete XML response will be available in session vars soon? That would let you extract custom info in bindings instead of in the IdP.)

Or, potentially, this may be happening:

2 Likes

The Gateway Scripting Project is configured for "Master". When calling system.perspective.login, what scope does that run under?

When you call the RunScript from the expression in the IDP mapping, what scope does that run under?

Everything in perspective runs in Gateway Scope.

Gateway scope has sub-scopes for projects, and anything outside projects falls back to the gateway scripting project. Identity providers are set up outside projects, so it is no surprise that anything executed within the IdP falls back to the gateway scripting project.